<patchinfo incident="169">
  <!-- generated from request(s) 356120 -->
  <issue tracker="bnc" id="1217070">VUL-0: CVE-2023-47108: TRACKERBUG: otelgrpc: DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics</issue>
  <issue tracker="bnc" id="1228324">VUL-0: CVE-2024-41110: docker: Authz zero length regression</issue>
  <issue tracker="bnc" id="1228553">VUL-0: CVE-2023-45142: TRACKERBUG: otelhttp,otelhttptrace,otelrestful: DoS vulnerability</issue>
  <issue tracker="bnc" id="1229806">CVE-L3: OpenTelemetry-Go related vulnerabilities in dockerd and containerd [ ref:_00D1igLOd._500TrEscMs:ref ]</issue>
  <issue tracker="bnc" id="1230294">[trackerbug] docker 26.1.5 update</issue>
  <issue tracker="bnc" id="1230331">docker: add Requires for docker-buildx</issue>
  <issue tracker="bnc" id="1230333">docker-buildx: move to be a subpackage of Docker</issue>
  <issue tracker="bnc" id="1231348">Issues on remount of tmpfs mount/secrets</issue>
  <issue tracker="bnc" id="1232999">Issues on Remount of tmpfs for Docker Secrets Directory</issue>
  <issue tracker="bnc" id="1233819">docker-buildx doesn't work with containers-suseconnect</issue>
  <issue tracker="cve" id="2023-45142"/>
  <issue tracker="cve" id="2023-47108"/>
  <issue tracker="cve" id="2024-41110"/>
  <packager>cyphar</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for docker</summary>
  <description>This update for docker fixes the following issues:

- Update docker-buildx to v0.19.2. See upstream changelog online at
  <https://github.com/docker/buildx/releases/tag/v0.19.2>.

  Some notable changelogs from the last update:
    * <https://github.com/docker/buildx/releases/tag/v0.19.0>
    * <https://github.com/docker/buildx/releases/tag/v0.18.0>

- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
  disable the SUSEConnect integration with Docker (which creates special mounts
  in /run/secrets to allow container-suseconnect to authenticate containers
  with registries on registered hosts). bsc#1231348 bsc#1232999

  In order to disable these mounts, just do

    echo 0 > /etc/docker/suse-secrets-enable

  and restart Docker. In order to re-enable them, just do

    echo 1 > /etc/docker/suse-secrets-enable

  and restart Docker. Docker will output information on startup to tell you
  whether the SUSE secrets feature is enabled or not.

- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
  sysconfig a long time ago, and apparently this causes issues with systemd in
  some cases.

- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
  are replacing. See upstream changelog online at
  <https://github.com/docker/buildx/releases/tag/v0.17.1>

- Add %{_sysconfdir}/audit/rules.d to filelist.

- Update to Docker 26.1.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/26.1/#2615>
  bsc#1230294
- This update includes fixes for:
  * CVE-2024-41110. bsc#1228324
  * CVE-2023-47108. bsc#1217070
  * CVE-2023-45142. bsc#1228553
</description>
  <package>docker</package>
  <seperate_build_arch/>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
</patchinfo>